Joe Baptista wrote: > Thats not the case with DNScurve. Again I stress - over 20 billion > requests per day at OpenDNS are DNScurve compatible.The traffic in > DNSSEC is chicken feed compared to DNScurve.
Joe, The fact that queries hit servers that are DNScurve capable does not mean that they are taking any advantage of the DNScurve protocol. I'm sure that there are more "DO bit" queries in the world than DNScurve label queries on any given day -- and not only DO bit queries, but queries that hit servers that are DNSSEC capable. The fact that DNScurve allows OpenDNS to continue modifying responses while "proving" that their answers are authentic tells me that there is a gaping hole in the DNScurve protocol... Follow the money. OpenDNS has fought against DNSSEC because it prohibits their "Intelligent Navigation" (Typo correction) and redirection of google... They "approve" of DNScurve because it can be subverted. ; <<>> DiG 9.7.0 <<>> @208.67.222.222 www.google.com [...] ;; ANSWER SECTION: www.google.com. 30 IN CNAME google.navigation.opendns.com. google.navigation.opendns.com. 30 IN A 208.69.32.230 google.navigation.opendns.com. 30 IN A 208.69.32.231 That's not the google I was looking for... I'm in no way saying that BIND won't at some point in the future support DNScurve, I'm just saying that to try to prove the need by pointing to OpenDNS is not the justification that is needed. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users